Full Report
Don’t singularly focus on the speed of AI attacks. You must also prepare for the shift AI is bringing to the threat landscape. Join Tenable at EXPOSURE 2026 to witness a live AI-vs-AI battle and get clarity to defend your organization against next-generation autonomous threats.Key takeawaysOrganizations must expand their visibility to map a growing attack surface that now includes AI-enabled applications and the interconnected business logic they expose, which attacks, like natural language prompt injection, can leverage.Standard security tools cannot assess the AI-extended attack surface or counteract the sophisticated reasoning of autonomous agentic threats, requiring investment in specialized security products and detection capabilities.Effective AI governance requires setting clear thresholds for autonomous agent actions to ensure organizational policy governs critical operations.You’ve heard and read a lot about how AI is upending cybersecurity. But have you actually seen an AI attack unfold right before your eyes? It’s one of many compelling reasons for you to join us at Tenable’s EXPOSURE 2026 conference in Boston from May 19 to 21.During a keynote, you can witness a live simulation where two agentic AI tools — an offensive red team and a defensive blue team — duel, simultaneously attacking and protecting a vibe-coded expense report application that has an embedded large language model (LLM) chatbot.The presentation, titled “The AI battle: A live defense simulation,” will offer you a unique opportunity to deepen your understanding of AI attacks and AI defenses, as well as gain invaluable insights to boost your organization’s AI security strategy.AI attack speed is part of the pictureResearchers Robert McSulla and Ben Smith crafted the simulation to drive home this point: If you just focus on countering the machine speed of AI attacks, you’ll fall short of protecting your organization. Why? While AI has indeed accelerated cyber attacks, it has also radically transformed them in multiple other ways.By creating a unique, custom demo of an all-out agentic AI battle, the researchers will showcase multiple novel attack vectors in a clear and structured manner, aided by elements such as a timeline, a battle status monitor, and a scorecard. For example, the presentation will unpack autonomous defensive assessments by the blue-team agent, as well as sophisticated attack planning by the red-team agent.The presentation will make it clear that while AI makes attackers faster, this increased speed represents a quantitative change. You can defend against faster AI attacks if you tune up the tools you already have.However, AI has also brought about substantial changes, including an expanded attack surface; AI vs. AI attacks; new adversary capabilities; and context poisoning. To counter these new elements, you can’t rely on conventional cybersecurity tools and processes. A web application firewall rule can’t defuse a prompt injection attack. A Sigma rule can’t detect a semantic jailbreak attempt. During the presentation, you’ll see how in order to secure the simulation’s app – whose LLM chatbot has access to business logic, user data, and external tools – you’ll need security controls and capabilities designed specifically for AI.In the end, you’ll emerge from the talk with concrete actions your team can implement right away, including:Threat actors are already leveraging AI. If your organization is not using AI for security, you are operating at a significant disadvantage.Effective defense requires proactively considering and defining your governance thresholds for the use of autonomous defensive AI.But wait, there’s much more at EXPOSURE 2026“The AI battle: A live defense simulation” is just one of the many presentations at EXPOSURE 2026 that’ll boost your understanding of how and why exposure management is a requirement for effective cybersecurity in the AI era.With an exposure management strategy, your cybersecurity teams can regain control over a chaotic attack surface that has exploded in size and complexity due to AI. Exposure management gives you unified visibility over all assets – wherever they are – and their security issues, such as vulnerabilities, misconfigurations, and overprivileged identities, so that you can proactively slash cyber risk, including AI-driven threats.EXPOSURE 2026, which will be held in Boston from May 19 to May 21 at the Hilton Boston Park Plaza, features an impressive roster of cybersecurity experts, including: Smithfield Foods’ CISO Jim NelmsGEICO CISO Rick VadgamaVerizon’s Senior Director, Readiness and Proactive Security, Jorge OrchillesMunich Re’s Global Head of IT Risk and Security John SchrammCloud Security Alliance CEO Jim ReavisYou’ll also get a chance to hear directly from top-level Tenable executives, including: Co-CEOs Steve Vintz and Mark Thurmond, who will explain how exposure management is redefining modern cybersecurityChief Technology Officer Vlad Korsunsky, who will unpack how attackers use AI to accelerate reconnaissance, chain misconfigurations, abuse over-privileged identities, and exploit overlooked AI services and integrationsChief Product Officer Eric Doerr, who will explain what AI capabilities actually work; where AI meaningfully improves triage, investigations, and prioritization; and where teams should avoid over-automation, blind spots, and hype-driven misstepsChief Security Officer Robert Huber, who will sit down with fellow cyber leaders to talk about building an exposure management program; communicating effectively with the board; and operationalizing exposure managementIf you’re looking to sharpen your cybersecurity skills and boost your professional development, EXPOSURE 2026 offers the following technical training tracks:“Introduction to exposure management business theory (EMBT),” for which participants will receive a certificate of completion“Exposure management for practitioners and analysts,” for which participants will receive a certificate of completion and a free enrollment code to take the full “Tenable One Specialist” course after the conferenceEager to boost your understanding of AI security and exposure management? Register for EXPOSURE 2026 today.
Analysis Summary
# Industry News: Tenable Announces EXPOSURE 2026, Highlighting Agentic AI-vs-AI Defensive Simulations
## Summary
Tenable has announced its EXPOSURE 2026 conference, scheduled for May 2026 in Boston, focusing on the shift from simple AI speed-focused attacks to complex agentic threats. The event will showcase a live "AI-vs-AI" battle to demonstrate how autonomous agents can exploit and defend interconnected business logic and LLM-integrated applications.
## Key Details
- **Date:** May 19–21, 2026
- **Companies Involved:** Tenable (Host); Speakers from GEICO, Verizon, Smithfield Foods, Munich Re, and the Cloud Security Alliance.
- **Category:** Industry Event / Product Strategy Announcement
## The Story
As AI shifts from a tool for "faster" attacks to a mechanism for "autonomous" reasoning, Tenable is positioning its 2026 flagship event to address the qualitative change in the threat landscape. The centerpiece of the conference is a live simulation featuring two "agentic" AI tools—an offensive red team and a defensive blue team—dueling over an LLM-enabled expense report application.
The core message is that standard security controls, such as traditional Web Application Firewalls (WAFs) or Sigma rules, are insufficient against new vectors like natural language prompt injection, context poisoning, and semantic jailbreaks. Tenable argues that organizations must move beyond general vulnerability management toward "Exposure Management," which specifically accounts for the AI-extended attack surface, over-privileged AI identities, and insecure AI integrations.
## Business Impact
### For the Companies Involved
- **Tenable:** Consolidates its transition from a vulnerability scanner (Nessus) to an "Exposure Management" platform leader. By focusing on AI, Tenable is attempting to secure "early mover" status in the specialized AI-Security (AISec) market.
### For Competitors
- **Competitive landscape impact:** Rivals in the CNAPP (Cloud Native Application Protection Platform) and vulnerability management space will face pressure to demonstrate similar "agentic" defensive capabilities rather than just static AI-assisted search functions.
### For Customers
- **Impact on end users:** Organizations are being signaled that their current security stacks likely have blind spots regarding AI business logic. Buyers will need to budget for "AI-specific" security controls and governance frameworks.
### For the Market
- **Broader market implications:** There is a clearer move toward "Agentic Security"—where AI agents defend against AI attackers—suggesting that human-led SOC (Security Operations Center) response times may soon be considered obsolete for specific classes of attacks.
## Technical Implications
The news highlights the emergence of "Agentic AI" threats—AI that doesn't just execute a script but "reasons" to chain misconfigurations and exploit overlooked integrations. Technical defense is shifting from signature-based detection to behavioral and semantic analysis capable of identifying malicious intent within natural language prompts and business logic flows.
## Strategic Analysis
- **Market Positioning:** Tenable is positioning "Exposure Management" as the necessary evolution of cybersecurity to handle the "chaotic attack surface" created by rapid AI adoption.
- **Competitive Advantage:** By hosting CISOs from GEICO and Verizon, Tenable is leveraging social proof to demonstrate that high-compliance industries are already adopting their exposure management philosophy.
- **Challenges:** The primary risk is "hype fatigue." Tenable must ensure that their "AI-vs-AI" simulation translates into practical, deployable products rather than remaining a theoretical keynote demonstration.
## Industry Reactions
- **Analyst Alignment:** Industry consensus is rapidly shifting toward the idea that AI-driven attacks require AI-driven defenses; however, the practicality of "autonomous" defense remains a point of intense scrutiny regarding false positives.
- **Expert Commentary:** Leaders like Jim Reavis (CSA) appearing at the event suggests a push for standardized AI governance thresholds across the industry.
## Future Outlook
- **Predictions:** By 2026, "Agentic AI" will likely be a standard component of both malware and enterprise defensive suites.
- **What to watch for:** Watch for Tenable to announce specific "AI Security" modules or product integrations within the Tenable One platform that automate the governance thresholds mentioned in the conference preview.
## For Security Professionals
Practitioners should recognize that "machine speed" is no longer the only challenge; "autonomous reasoning" by attackers is the new frontier. Professionals should focus on mapping how AI is integrated into their company’s business logic and begin defining "governance thresholds"—rules that dictate when an autonomous security agent is allowed to take action without human intervention.